Cloud SLA Force Majeure: Geopolitical Risk Checklist for Devs

Marketing pages promise 99.99% availability. Data processing agreements bury exceptions for war, embargo, government action, and labour stoppages. When missiles fly near cable landings or sanctions freeze payment rails, your dashboard turns red and your finance team learns the same lesson in the same hour: credits are narrower than slogans.

This field guide is written for engineers who sign architecture reviews and sometimes inherit procurement PDFs they never wanted. It does not replace counsel in your jurisdiction. It tells you which PDF pages to search, which questions to ask before you bet a country-specific region, and how to align SLOs with what contracts actually guarantee. Tie live examples to US-Iran ceasefire and Hormuz, Gulf recovery lags, nine-country energy stress, and refinery-driven oil spikes. For model spend parallel risks read Meta Muse Spark launch and Anthropic Mythos security. Track token economics on LLM API Pricing and labour automation framing on Will AI Replace Me. Stable APAC capex context: Microsoft Singapore $5.5B.

The First Page to Read Is "Definitions," Not the Uptime Table

Every hyperscaler redefines "Unavailable," "Downtime," and "Monthly Uptime Percentage" with specific measurement windows, excluded minutes, and carve-outs for customer-caused failures. Geopolitical outages often fall into buckets labelled force majeure or excused downtime that do not count toward credits.

Search the PDF for: force majeure, government regulation, embargo, war, military, terrorism, labour dispute, internet congestion, third-party network. Highlight sentences that say the provider is not liable when those events occur. That list is your true availability model.

Force Majeure Is Broader Than "Missiles Over the Data Center"

Providers interpret force majeure to include events outside their reasonable control: sanctions blocking equipment import, denial of overflight delaying parts, civil authority orders, power grid collapse upstream of the fence line, and backbone providers deprioritising routes for political risk. Your service can be unreachable while the data hall LEDs stay green.

Architecturally, that means multi-AZ inside one country is not geopolitical diversity. It is electrical and cooling diversity within the same legal and fibre basin.

SLA Credits, Insurance, and Customer-Caused Denials Share One Theme: Narrow Coverage

Typical SLA structures: monthly uptime below a threshold yields a percentage service credit against future invoices, capped and requiring a ticket within a fixed window (often near 30 days). Credits rarely cover consequential losses, lost revenue, or third-party SaaS dependencies.

For CFO conversations, translate 99.9% into 43 minutes of monthly downtime allowance before credits even start, then stack excluded minutes from maintenance windows and force majeure. The residual number is the economic risk you keep.

Cyber insurance and cloud SLAs are different instruments: policies may cover some business interruption under narrow conditions while SLAs cover narrow service credits under narrow definitions. They do not stack into one safety net. Table-top a case where Gulf regions degrade, your policy excludes war, and your SLA excludes force majeure; the uncovered tail is larger than most boards assume.

Misconfigured security groups, expired certificates, DDoS without purchased mitigation, and runaway autoscaling are customer responsibility in almost every annex. During geopolitical incidents, providers tighten scrutiny on unusual traffic. If your ticket mixes backbone impairment with self-inflicted DNS mistakes, credits get denied fast. Train support to split minute-by-minute provider status from your own change log so finance can forward a clean narrative.

Region Selection: Legal Basin and Cable Basin Overlap

Choosing Azure UAE North or Google Cloud Dubai optimises latency to Gulf users. It also concentrates risk into Middle Eastern legal jurisdiction and shared subsea corridors. That is rational for many products; it is lethal if your board thinks "multi-region" meant "multi-country" when both regions ride similar paths.

Before committing, produce a one-page map: primary landing stations, known terrestrial segments, and your secondary region on a different ocean basin if possible. EU Central plus Singapore beats "two Gulf regions" for true diversifier value.

Sanctions and Export Controls Are SLAs Too, Just Written by Governments

Cloud terms include acceptable use and export compliance clauses. If your workload touches restricted entities, regions, or dual-use AI training, the provider may suspend you without SLA breach. That is not downtime; it is account enforcement.

Engineers should run a basic screen: training data provenance, end-user countries, encryption thresholds, and whether your fine-tunes embed scraped content from sanctioned sources. Legal owns the final call; engineering owns knowing where data was born.

Status Pages Lag Reality: Comms, RTO, and RPO Together

During conflicts, vendor status pages lag military reality. Providers may know fibre risk before they can publish details. Expect vague "network impairment" language. Treat public posts as lagging indicators; treat private NOC tickets and traceroutes as leading indicators. Document your own customer comms policy: when you escalate from internal Slack to public status, who approves language that references geopolitics without speculation.

Recovery Time Objective and Recovery Point Objective planning often assumes engineers can flip DNS in minutes. If your secondary region lacks capacity during a mass failover event, real RTO stretches to days. If backups live in the same legal basin under seizure risk, RPO may be meaningless. Test restores quarterly with clocked runbooks. Store checksum manifests outside the primary cloud account. Mythos-class security research in Project Glasswing coverage is a reminder that software risk stacks with physical risk; backups help after corruption, not after exfiltration you never detected. Attach packet captures to credit claims only when legal approves.

The Checklist You Can Paste Into Confluence

1. Search DPA for force majeure and list excluded events in plain English for your team.
2. Map primary and secondary regions across different legal and cable basins.
3. Compute allowed downtime minutes from stated uptime percentages before credits.
4. Verify ticket windows for credit claims (often 30 days).
5. Confirm maintenance notification periods and whether they overlap with your change freezes.
6. Validate data residency promises against actual replication buckets and backup regions.
7. Add sanctions and export screening steps to CI for datasets and model weights.
8. Run failover drills that include DNS TTL and API rate limit behaviour under burst traffic.
9. Budget cross-region egress spikes; finance often forgets them until a war week.
10. Publish customer comms templates that are honest about latency without leaking vendor confidential routes.

Key Takeaways

• Marketing uptime ≠ contractual uptime; force majeure, government action, and third-party network clauses routinely exclude minutes during war, sanctions, and politically driven backbone shifts.
• Credits are capped service refunds, not revenue or reputational recovery; file claims inside vendor windows (often ~30 days).
• Multi-AZ solves facility failure; geopolitical diversity needs cross-basin regions and honest RTO/RPO tests.
• Sanctions and export breaches can suspend accounts without SLA credits; data provenance is an engineering input, not only legal paperwork.
• Status pages lag operational reality in conflicts; run your own probes and carrier tickets as leading signals.
• Live 2026 context: Hormuz and ceasefire economics here, recovery lags here, energy rationing here.